The cryptographic infrastructure underpinning global financial systems — RSA, ECDSA, and Diffie-Hellman key exchange — is predicated on the computational intractability of integer factorization and discrete logarithm problems. A sufficiently powerful quantum computer running Shor's algorithm renders all three problems tractable in polynomial time, invalidating the security guarantees on which SWIFT messaging, RTGS settlement rails, institutional custody, and correspondent banking currently depend.1
The National Institute of Standards and Technology finalized four post-quantum cryptographic standards in August 2024: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), and FIPS 206 (SLH-DSA-SHA2). Concurrently, NIST deprecated RSA and ECC for federal use with a mandatory migration deadline of 2030. OSFI, the Bank for International Settlements Innovation Hub, and the Financial Stability Board have each issued guidance indicating that financial institutions must demonstrate post-quantum readiness within their strategic planning horizons.
However, the migration challenge for financial institutions is not merely algorithmic. Legacy hardware security modules (HSMs), which form the trust anchor of most payment authorization pipelines, present a structural vulnerability that algorithm substitution alone does not resolve: the persistence of private keys in tamper-resistant storage. A key that is stored — however securely — can be exfiltrated through side-channel attacks, insider compromise, supply chain interdiction, or future vulnerabilities in the HSM firmware. Migrating from RSA-2048 to ML-DSA-87 within an HSM that retains the private key long-term substitutes one algorithm for another without addressing the underlying key-persistence attack surface.
This paper describes an architecture that eliminates key persistence as a vulnerability class entirely.
Nation-state adversaries are actively collecting encrypted financial communications today with the explicit intent of decrypting them retroactively once quantum computing capability matures — a strategy termed Harvest Now, Decrypt Later (HNDL).2 Classified assessments from the NSA, GCHQ, and CSE have indicated that cryptographically-relevant quantum computers (CRQCs) may be achievable within a 5–10 year horizon under well-resourced programs.
For financial institutions, the HNDL threat has two distinct dimensions. First, the confidentiality of historical transaction records: wire details, correspondent relationships, sovereign reserve movements, and custody positions collected today become decipherable when CRQCs arrive. Second, and more critically, the integrity of authorization chains: digital signatures applied today using RSA or ECDSA may be forgeable retroactively, enabling adversaries to fabricate transaction provenance records that appear indistinguishable from genuine historical authorizations.
The latter threat is not merely theoretical. Any institution that archives payment authorizations signed under classical algorithms is accumulating a liability whose magnitude grows proportionally to the assets those authorizations govern.
Current payment authorization infrastructure relies on Hardware Security Modules certified to FIPS 140-2/3 or Common Criteria EAL4+. These devices protect private keys through tamper-evident enclosures, active shielding, and secure key storage — but they do not eliminate key persistence. A private key enrolled in a legacy HSM exists continuously from enrollment through revocation, typically spanning months or years. This design reflects a reasonable engineering trade-off in the pre-quantum era, but it creates a concentrated, long-lived attack target.
| Property | Legacy HSM (RSA/ECDSA) | QSK Architecture (ML-DSA-87) |
|---|---|---|
| Key lifetime | Months to years | 50–150 ms (ceremony duration only) |
| Quantum resistance | None (RSA/ECC broken by Shor's) | NIST FIPS 204 Security Level 5 |
| Key extraction attack surface | Continuous (key always present) | Eliminated (key never persists) |
| Side-channel vulnerability window | Persistent | Single signing event only |
| Algorithm agnosticism (patent Claim 60) | Vendor/firmware constrained | Architecture-level, algorithm-independent |
| Biometric liveness gate | Typically absent | Hardware biometric liveness enforcement |
| HNDL retroactive forgery immunity | No — RSA/ECC signatures are forgeable post-CRQC | Yes — ML-DSA-87 is CRQC-resistant |
| Per-authorization audit record | Varies by implementation | Cryptographically bound, immutable |
Beyond algorithm vulnerability, legacy HSMs and banking infrastructure present a practical migration bottleneck: lattice-based signature schemes generate significantly larger key material and signatures than the RSA and ECC primitives that existing payment infrastructure was designed to carry.
| Algorithm | Public Key | Signature | Total Auth Payload | Infrastructure Context |
|---|---|---|---|---|
| ECDSA P-256 (Classical) | 64 B | 64 B | 128 B | Ultra-lightweight. Fits any legacy field or network packet. |
| RSA-2048 (Legacy Standard) | 256 B | 256 B | 512 B | Compact. Standard text fields accommodate without modification. |
| ML-DSA-87 — native swap-in | 2,592 B | 4,595 B | 7,187 B | 14× payload inflation vs. RSA-2048. Triggers three independent infrastructure failure modes in existing rails. |
| ML-DSA-87 — PALLAS metadata overlay | 2,592 B | 4,595 B | 7,187 B | Appended as a non-breaking JSON authorization header. Settlement rails, message formats, and database schemas unchanged. |
The cryptographic payload is identical in both integration paths. The architectural question is not whether to accept the lattice-based overhead — it is unavoidable under any NIST-standardized PQC scheme — but where that overhead lands: embedded inside legacy payment rails (catastrophic) or attached as an external non-breaking authorization record (zero disruption).
Attempting to integrate ML-DSA-87 by upgrading existing core payment applications triggers three independent failure modes before a single business logic change is required.
1. Database Schema Truncation. Banking middleware and internal routing systems commonly define security token fields with rigid column sizes (e.g., VARCHAR(512)), engineered during an era when 256-byte RSA signatures represented the upper bound. A 4,595-byte ML-DSA-87 signature inserted into a 512-byte database column produces immediate data truncation, corrupted audit logs, and transaction database crashes. Remediating every security-bearing field across a global bank's internal application estate — which may span 200 or more discrete systems and millions of lines of legacy code — represents a multi-year, multi-hundred-million-dollar remediation programme.
2. Network MTU Fragmentation. Financial transaction networks are engineered for sub-millisecond round-trip times and optimized around standard network Maximum Transmission Unit (MTU) sizes of 1,500 bytes. A complete ML-DSA-87 authorization payload (public key + signature = 7,187 bytes) exceeds this limit by a factor of nearly 5×. Mandatory packet fragmentation introduces out-of-order delivery, retransmission overhead, and unpredictable latency spikes across high-volume SWIFT parsing engines and real-time gross settlement (RTGS) systems where deterministic timing is a regulatory requirement.
3. HSM Performance Collapse. Classical rack-mounted HSMs (Thales Luna Network HSM, Entrust nShield, IBM 4769) implement custom ASIC coprocessors hardcoded to accelerate modular exponentiation (RSA) and elliptic-curve point multiplication (ECDSA/ECDH). These processors have no native instruction path for the polynomial matrix arithmetic required by ML-DSA-87. Software-patching a classical HSM to support lattice-based operations forces the computation into software emulation on the HSM's general-purpose management processor, collapsing verified signing throughput by up to 90% of rated TPS. For institutions operating at 50,000+ transactions per second, this constitutes systemic capacity failure. Full fleet replacement at $40,000–$100,000 per unit across thousands of deployed devices represents an additional $200M–$1.5B in hardware expenditure before any software remediation costs.
The QSK architecture sidesteps each constraint by treating each authorization as a fully independent ceremony with no dependency on retained key state, enabling the performance profile measured in Section 6 of this paper.
The Quantum State Key (QSK) is a biometrically-triggered, quantum-entropy-derived, single-use ephemeral signing key. Its defining property — Chrono-Isolated Secrecy (CIS) — is a term coined by the inventor to describe a hardened post-quantum form of Perfect Forward Secrecy that protects past, present, and future sessions simultaneously. No prior art describes this precise lifecycle: a cryptographic signing key that does not exist before authentication, exists only for the duration of a single signing ceremony, and is cryptographically destroyed immediately after use.
Each authorization event triggers the following sequence. Timing values are empirically measured from the Node.js software implementation; hardware values reflect the PALLAS device target.
The session seed is constructed such that two ceremonies using the same biometric credential and the same QRNG pulse will always produce different signing keys, because a fresh 32-byte random salt is generated per ceremony before the HKDF invocation. This ensures that even in environments where the QRNG source returns a repeated value (e.g., the NIST Beacon's 60-second pulse window), the derived keys remain cryptographically independent.
| Derived Material | Algorithm | Inputs | Lifetime |
|---|---|---|---|
| Credential Key | HKDF-SHA-512 | IAM credential, random session salt (32 B) | Ceremony duration |
| Session Seed | HKDF-SHA-512 | Quantum entropy, credential key, record ID | Ceremony duration |
| ML-DSA-87 Secret Key | ML-DSA-87.keygen | Session seed (first 32 bytes) | Signing event only (0.01 ms destruction) |
| ML-DSA-87 Public Key | ML-DSA-87.keygen | Session seed (first 32 bytes) | Retained for audit ledger (verifying key only) |
The QSK architecture is protected by a CIPO patent application filed April 14, 2026, comprising 71 claims. Notable claims relevant to financial institution deployment include: Claim 46 (entropy-agnostic — covers CSPRNG, QRNG, PUF, ring oscillator, or any entropy source), Claim 53 (software-only TEE implementation — covers Windows Hello, Apple Secure Enclave, TPM 2.0), Claim 60 (algorithm-agnostic — covers any digital signature scheme, present or future), Claim 62 (explicitly covers PQC schemes standardized after filing date), and Claims 69–71 (blockchain transaction signing applications). The Chrono-Isolated Secrecy property — defined as a signing key that does not exist before or after the ceremony window — has no identified prior art.
The software implementation evaluated in this paper is the PALLAS Auth SDK v0.1.0, a Node.js/TypeScript package implementing the full QSK ceremony. All measurements were collected on a commodity Windows 11 machine with no hardware cryptographic acceleration. The benchmark was executed using Node.js ≥ 18 with the @noble/post-quantum library (v0.2.1) for ML-DSA-87 operations and @noble/hashes (v1.4.0) for HKDF-SHA-512 derivation.
| Parameter | Value |
|---|---|
| SDK Version | PALLAS Auth SDK v0.1.0 |
| Runtime | Node.js ≥ 18 (TypeScript via tsx) |
| Signing Algorithm | ML-DSA-87 (CRYSTALS-Dilithium5, NIST FIPS 204, Security Level 5) |
| Key Derivation | HKDF-SHA-512 (@noble/hashes v1.4.0) |
| Entropy Source | CSPRNG (Node.js crypto.getRandomValues) |
| Benchmark Iterations | 1,000 ceremonies × 4 CSPRNG concurrency levels + 100 ceremonies × 2 NIST Beacon levels (4,200 total) |
| Timing Resolution | performance.now() — sub-millisecond precision |
| Execution Model | Full concurrency matrix: c=1, c=5, c=10, c=25 (CSPRNG); c=1, c=5 (NIST Beacon) |
| Test Payload | JSON object: BENCHMARK_TX · $1,000,000 USD · benchmarkRun: true |
| Hardware | Commodity Windows 11 · No hardware crypto acceleration |
Each measurement reflects the complete end-to-end ceremony latency from the initial QRNG fetch call through the return of a verified signed result. Step-level timing is captured using inline performance.now() calls bracketing each discrete operation. A warm-up ceremony was executed prior to the benchmark run to eliminate JIT compilation and WASM initialization effects from reported figures.
In addition to the formal benchmark, five live transaction authorization payloads representing realistic financial instrument types were processed through the REST API layer (POST /authenticate) to validate end-to-end API behavior and confirm that all signed records pass independent post-hoc verification via POST /verify.
| Ceremony Step | Mean (ms) | Notes |
|---|---|---|
| 1. Entropy Fetch (QRNG) | 0.08 | CSPRNG is local and synchronous — mean 0.08 ms across 1,000 ceremonies. NIST Beacon adds ~62–122 ms (network). For air-gapped sandboxes, CSPRNG is recommended. |
| 2. HKDF-SHA-512 Key Derivation | < 0.5 | Subsumed within QRNG timing. HKDF is computationally negligible. |
| 3. ML-DSA-87 Keypair Generation | 5.20 | Pure JavaScript/WASM implementation. Mean across 1,000 ceremonies. On PALLAS hardware (SLC27 TEGRION), native PQC acceleration is expected to reduce this to sub-millisecond range. |
| 4. ML-DSA-87 Signing | 12.39 | Dominant computational step in software. Produces a 4,595-byte signature over the JSON-encoded auth record. Mean across 1,000 ceremonies. |
| 5. Key Material Zeroization | <0.01 | Critical metric. secretKey (4,896 B), sessionSeed (32 B), and quantumEntropy (64 B) overwritten with zeros — 4,992 bytes total. Readback verification confirmed all-zeros on 4,200/4,200 ceremonies. The signing key ceases to exist at this point. |
| 6. Dilithium Gate Verification | 5.31 | Mandatory — result is not returned to the caller until the signature is independently verified. A failed gate returns HTTP 403 and rejects the authorization unconditionally. Mean across 1,000 ceremonies. |
| Total (end-to-end) | 23.91 | Mean across 1,000 warm ceremonies (CSPRNG, concurrency=1). p95: 37.51 ms · p99: 50.71 ms · min: 16.17 ms. Full concurrency matrix (4,200 total ceremonies) available in the supplementary benchmark report. |
Five financial authorization payloads were processed through the REST API during the demonstration session. Each payload was independently verifiable via POST /verify using only the retained ephemeral public key — the secret key had been destroyed before the response was returned.
| # | Transaction Type | Value | Ceremony (ms) | Gate |
|---|---|---|---|---|
| 001 | Cross-border wire — North American Clearing Member → European Correspondent Bank | $5,000,000 USD | 65.36* | PASSED |
| 002 | Bond settlement — Canadian Clearing Member A → Canadian Clearing Member B | $2,750,000 CAD | 35.16 | PASSED |
| 003 | Sovereign RTGS — Bank of Canada LYNX → Federal Reserve Fedwire | $50,000,000 USD | 28.03 | PASSED |
| 004 | Digital asset custody release — Institutional Digital Custodian (ETF Redemption) | 847.5 BTC (~$84.75M) | 37.74 | PASSED |
| 005 | SWIFT MT103 batch — Third-party SWIFT Service Bureau (1,247 messages) | $312,500,000 USD | 31.52 | PASSED |
* Cold start — first ceremony after process launch, inclusive of module initialization overhead.
Transaction 001 was submitted to POST /verify following the signing session. The ML-DSA-87 signature was verified against the retained ephemeral public key. Result: VALID. This confirms the auditability guarantee: any authorization signed under the QSK architecture can be cryptographically verified at any future point by any party holding the public key, regardless of whether the signing key has long since been destroyed.
In a legacy HSM, a successful side-channel attack, firmware exploit, or physical tamper event may recover a private key that remains valid for the remainder of its enrollment period — potentially years of future authorizations. Under the QSK architecture, the attack window is bounded by the ceremony duration (measured mean: 23.91 ms warm, CSPRNG concurrency=1). Even if an adversary could execute a perfect memory acquisition attack at arbitrary times, the probability of capturing a signing key in its ~24 ms existence window, across a process that may perform tens of authorizations per day, is negligibly small. On the physical PALLAS hardware, key material never exits the EAL6+ secure element boundary, reducing this attack surface further to the constraints of the Infineon SLC27's tamper-response circuitry.
The mandatory post-signing verification step — which we term the Dilithium Gate — serves a purpose beyond correctness checking. It ensures that no authorization result is returned to a calling system unless the signature is cryptographically valid against the public key derived from the same ceremony. In the software SDK, this is enforced in code. On the physical PALLAS hardware (Infineon SLC27 TEGRION EAL6+), this gate is enforced at the silicon level: the secure element's output is conditioned on the verification result, and the verification cannot be bypassed by software. All 4,200 benchmark ceremonies across the full concurrency matrix passed the Dilithium Gate unconditionally.
Classical Perfect Forward Secrecy (PFS) as implemented in TLS 1.3 protects the confidentiality of session keys: compromise of a long-term private key does not reveal past session keys, because each session key is ephemeral. The QSK architecture extends this property to the signing domain and eliminates the long-term private key entirely. There is no long-term key to compromise. Chrono-Isolated Secrecy therefore provides stronger guarantees than PFS: not only are past sessions protected from future key compromise, but there is no future key — each ceremony is cryptographically independent and self-contained.
ML-DSA-87 is the highest security level offered by FIPS 204, targeting security equivalent to AES-256 against both classical and quantum adversaries. The underlying mathematical problem — the Module Learning With Errors (MLWE) problem over structured lattices — is not known to be vulnerable to quantum algorithms. Shor's algorithm does not apply to lattice problems. Grover's algorithm provides at most a quadratic speedup against symmetric primitives, which is accounted for in the FIPS 204 security level parameterization. The QSK architecture's algorithm-agnostic design (patent Claim 60) further ensures that the architecture remains valid if ML-DSA-87 is superseded by a future standard, requiring only a parameter update rather than architectural redesign.
The PALLAS Auth SDK is designed for drop-in integration with existing payment authorization pipelines. No modification to settlement rails, message formats, or clearing infrastructure is required. The SDK exposes three REST endpoints suitable for integration with any backend technology stack:
| Endpoint | Method | Purpose |
|---|---|---|
POST /authenticate | POST | Submit a transaction payload and IAM credential. Returns a signed authorization token (ML-DSA-87 signature + public key) and per-step timing metrics. |
POST /verify | POST | Submit a previously signed token. Returns { valid: boolean }. Used for audit trail verification and downstream settlement confirmation. |
GET /benchmark | GET | Execute a configurable throughput benchmark and return latency percentiles and TPS. Parameters: ?iterations=N&concurrency=M. |
The typical integration pattern for a payment authorization workflow is as follows: (1) the core banking system or payment gateway constructs the authorization object; (2) before the instruction enters the settlement rail, the system calls POST /authenticate with the authorization object and the operator's IAM credential; (3) on receipt of a verified signed token, the token is attached to the payment message as a quantum-authenticated authorization header; (4) the signed token travels with the instruction through the rail; (5) at settlement, the receiving institution's system calls POST /verify to confirm the authorization is cryptographically valid. The signing key that produced the authorization no longer exists — it was destroyed within milliseconds of creation — but the verification remains unconditionally valid.
QRNG_SOURCE=csprng to disable external QRNG network calls. All cryptographic properties of the ceremony are identical under CSPRNG; the only difference is the entropy source's quantum physical origin. For environments with controlled internet access, whitelisting beacon.nist.gov enables quantum-sourced entropy via the NIST Randomness Beacon.
The software SDK characterizes the QSK ceremony's cryptographic properties and latency profile on commodity hardware. The PALLAS Enterprise device — Pilon Laboratories' banking-grade hardware variant — replaces each software-emulated component with purpose-built silicon, enforcing the same ceremony at hardware level with no key material ever accessible to host software. Core components are identical across consumer and enterprise variants; the enterprise configuration adds an institutional-grade enclosure, enterprise fleet management firmware, and a FIPS 140-3 Level 3 certification pathway:
| Component | Hardware | Function |
|---|---|---|
| Entropy Source | IDQ6MC1 QRNG | True quantum random number generation, on-device, sub-millisecond. Eliminates network QRNG latency entirely. |
| Secure Element | Infineon SLC27 TEGRION EAL6+ | First commercially available secure element with native PQC hardware acceleration. Enforces Dilithium Gate at silicon level. All key operations occur within the tamper-resistant boundary. |
| Biometric Sensor | Synaptics FS7600 | In-sensor fingerprint matching with liveness detection. Biometric data never leaves the sensor. Prevents relay and replay attacks. |
| Host MCU | NXP LPC55S69 (TrustZone) | ARM TrustZone-M isolation between secure and non-secure worlds. Orchestrates ceremony and peripheral communication. |
| Deployment | PALLAS Enterprise | Officer-desk form factor for institutional deployment. Enterprise fleet management with centralized audit logging. FIPS 140-3 Level 3 certification pathway in progress. Classical network HSM equivalents (Thales Luna, nShield, IBM 4769) carry acquisition costs of $40,000–$100,000+ per unit and provide no post-quantum signing capability. PALLAS Enterprise delivers native ML-DSA-87 ephemeral signing with hardware QRNG and biometric liveness detection — a combination unavailable at any price in classical HSM architectures. Commercial delivery Q2 2027. See commercial matrix below. |
On the PALLAS Enterprise device, the total QSK ceremony target is 50–150 ms, with QRNG entropy acquisition measured in microseconds (vs. 0.08 ms software CSPRNG and 62–450 ms NIST Beacon). The SLC27 TEGRION's native post-quantum coprocessor is expected to reduce key generation and signing times to sub-millisecond ranges. The software SDK figures reported in Section 6 therefore represent a conservative baseline; production hardware performance will be reported separately following prototype validation.
The PALLAS Enterprise QEV Edition extends the base signing module with a physically isolated quantum-encrypted document vault on a dedicated PCB partition. The vault section carries no electrical path to the network-connected signing module — it is air-gapped by design, accessible exclusively via biometric authentication at the device itself. Every file operation (write, read, delete) triggers an independent QSK ceremony, producing a unique ML-DSA-87 signature bound to that operation. Files are stored in the PALLAS Quantum Encrypted Vault format and never traverse any network interface under any operating mode.
Internal NVMe storage supports up to 245 TB per drive using enterprise E3.L form-factor NVMe (Kioxia LC9-class, PCIe Gen5, QLC NAND with CBA packaging — currently in enterprise sampling, targeted for commercial availability ahead of the Q2 2027 PALLAS Enterprise delivery window). A dual-drive configuration supports up to 491 TB behind the tamper boundary. The vault is appropriate for board-level communications, M&A documentation, regulatory correspondence, and any class of material whose sensitivity requires air-gapped physical custody. Officers retain their vault data on the physical device; no cloud, no server, no network path exists.
PALLAS Enterprise is offered under a phased commercial model. Phase 1 allows institutions to begin evaluating the QSK architecture immediately via software SDK, generating recurring revenue that funds ongoing hardware engineering. Phase 2 delivers the complete Chrono-Isolated Secrecy enforcement stack at silicon level. Phase 1 sandbox and licensing fees are credited in full against Phase 2 Year 1 costs upon execution of a production agreement.
Phase 1 — Software-Only SDK Infrastructure (Available Now)
| Engagement | Price (USD) | Description |
|---|---|---|
| Sandbox Evaluation — 60 days | From $70,000 | SDK source access, REST API integration, CSPRNG-mode air-gapped testing, full benchmark reporting, and integration support. Hardware evaluation units included where available. Contact Pilon Laboratories for an institutional evaluation proposal. |
| Regional Software License | $1,500,000 / year | Full REST API access, all algorithm variants (ML-DSA-87 / SLH-DSA-128s), software updates, and enterprise support SLA. Per region. Sandbox evaluation fees credited against Year 1. Upgrades to Phase 2 hardware-bonded license at any time. |
Phase 2 — Hardware-Bonded Ecosystem (Production — Q2 2027)
| Configuration | Pre-Certification (USD) | Post-FIPS 140-3 L3 (USD) |
|---|---|---|
| Regional Standard + HSM License — per region | $2,500,000 / year · Full hardware-bonded API, all algorithm variants, updates, SLA, compliance documentation. Covers regional deployment. Phase 1 fees credited against Year 1. | |
| Global Uncapped License — unlimited deployment | $3,500,000 / year · Full hardware-bonded API, all algorithm variants, updates, SLA, compliance documentation. No per-site or per-region cap — institution-wide global rollout rights. Phase 1 fees credited against Year 1. | |
| PALLAS Base — Signing module only | $89,999 | $145,000 |
| PALLAS Entry — 4 TB air-gapped QEV vault | $109,999 | $159,000 |
| PALLAS Mid — 61 TB air-gapped QEV vault | $124,999 | $179,000 |
| PALLAS Pro — 245 TB air-gapped QEV vault (1 × PCIe Gen5 E3.L) | $149,999 | $205,000 |
| PALLAS Max — 491 TB air-gapped QEV vault (2 × PCIe Gen5 E3.L) | $189,999 | $249,000 |
Pre-certification pricing reflects early-adopter access. Post-certification pricing reflects the fully FIPS 140-3 Level 3 validated production configuration. Hardware pricing is one-time per unit. All prices USD. Volume fleet and multi-jurisdiction arrangements subject to bespoke negotiation.
The QSK architecture and its Chrono-Isolated Secrecy property represent a principled response to the convergence of two threats facing financial institutions: the imminent arrival of cryptographically-relevant quantum computers, and the structural vulnerability introduced by long-lived private keys in legacy HSM deployments. By eliminating key persistence as a design property — rather than merely protecting it through hardware enclosure — QSK removes an entire attack surface class from the threat model.
The Node.js benchmark data presented in this paper establishes the software baseline: 23.91 ms mean ceremony latency (CSPRNG, concurrency=1), 41.80 ceremonies per second sustained throughput, and under 0.01 ms key destruction time on commodity hardware with no cryptographic acceleration. 4,992 bytes of key material per ceremony were confirmed all-zeros via readback verification across all 4,200 ceremonies in the full concurrency matrix. Throughput remained stable at 40–44 TPS across concurrency levels 1, 5, 10, and 25, confirming algorithm consistency under concurrent load. Signed records remain independently verifiable via retained ephemeral public keys indefinitely, providing a cryptographically sound audit trail compatible with regulatory inquiry requirements.
We invite Chief Quantum Risk Officers and their cryptographic architecture teams to evaluate the PALLAS Auth SDK within their sandbox environments under a structured Paid Proof-of-Concept agreement. The SDK is deployable in fully air-gapped environments, requires no modification to existing payment rail infrastructure, and produces signed authorization tokens compatible with any downstream settlement system capable of accepting structured JSON metadata.
1 Shor, P.W. (1994). Algorithms for quantum computation: discrete logarithms and factoring. Proceedings 35th Annual Symposium on Foundations of Computer Science. IEEE.
2 National Security Agency (2022). Quantum Computing and Post-Quantum Cryptography FAQ. NSA Cybersecurity Information Sheet.
3 National Institute of Standards and Technology (2024). Module-Lattice-Based Digital Signature Standard (ML-DSA). FIPS 204.
4 Pilon Laboratories Inc. (2026). Quantum State Key — CIPO Patent Application. Filed April 14, 2026. 71 claims. Inventor: Derek Arsenault.
5 Infineon Technologies AG (2024). SLC27 TEGRION — Security Controller with Native PQC Support. Product Brief.
All benchmark figures are empirically measured. Raw benchmark data, SDK source code, and REST API specifications are available under a Confidential Disclosure Agreement for evaluation by qualified financial institution security teams.